itadm is implemented as a set of subcommands with options and operands for each subcommand. These subcommands are described in their own section, below. In addition to its subcommands, itadm has a help command, which displays the utility's usage information. The help command is invoked with the -? option.

iSCSI Target Portal Groups An iSCSI Target Network Portal is an IP address and TCP port that can be used by an initiator node to connect to an iSCSI target. A collection of these portals is called a Target Portal Group (TPG). You can use a TPG to limit access to an iSCSI target. Use the itadm modify -t command to bind a specific iSCSI target to the TPG. An iSCSI listener is created on each IP address that belongs to the TPG, and listens for connections to the iSCSI target.

A TPG is identified by a unique name provided when the TPG is created. A numerical "Target Portal Group Tag" from the range 2-65535 is automatically generated when the TPG is created. The Target Portal Group Tag 1 is reserved for the "default" target portal group that is used when no explicit Target Portal Groups are set on the target. The portal for the default TPG matches requests from all network interfaces on port 3260.

iSCSI Initiator Node Contexts Certain operations such as authentication by means of Challenge Handshake Authentication Protocol (CHAP) require parameters associated with a remote iSCSI Initiator Node. These parameters are associated with an iSCSI Initiator Node Context. An iSCSI Initiator Node Context is identified by its Initiator Node Name, formatted in either IQN or EUI format (see RFC 3720). For example:

A number of itadm subcommands require that you specify one or more IP addresses with optional port numbers. For IPv4, use standard dotted decimal notation. For IPv6, enclose addresses in square brackets. The following are example specifications.

Create a iSCSI target with the specified options. Options are as follows.

-a,--auth-method radius | chap | none | default

Specifies the authentication method to use for the target. Valid values are radius, chap, and none. chap indicates that initiators connecting to this target must be authenticated using the Challenge Handshake Authentication Protocol (CHAP). radius indicates initiators should also be authenticated by means of CHAP but the required authentication parameters should be obtained from a central RADIUS server (see the radius-server and radius-secret options). none means that no authentication is required to connect to the target. default means the target will use the global setting of this property. (See the modify-defaults subcommand.)

-s,--chap-secret

The CHAP secret to send during mutual CHAP authentication. There is no default for this property. Maximum length is 255 characters; minimum required length is 12 characters.

-S,--chap-secret-file path

Path to a temporary file containing the CHAP secret as described in the -s option.

-u,--chap-user chap-user-name

Specifies the CHAP username for a target for use in mutual CHAP authentication. This value is allowed only for targets, cannot be set globally, and is used only when the initiator node is configured to use mutual CHAP authentication. If no value is specified then the target node name is used as the username. See iscsiadm(1M).

-n,--node-name target_node_name

An iSCSI Target Node is identified by its Target Node Name, formatted in either IQN or EUI format (see RFC 3720). This option establishes that name.

-l,--alias alias

An alternate identifier associated with a target node. The identifier does not need to be unique.

-t,--tpg tpg-name[,tpg-name,...]

A list of Target Portal Group (TPG) identifiers that specifies the TPGs that an initiator can use to access a specific target or the keyword default. If default is specified, the target will use the default portal, INADDR_ANY:3260.

List information about the configured targets. If target_node_name is specified, list only the information for that target. Options are as follows.

-p,--parsable

Used for scripting mode. Do not print headers and separate fields by a single tab instead of arbitrary white space.

-v,--verbose

Verbose mode.

itadm delete-target itadm delete-target [-f,--force] target_node_name

Delete the target specified by target_node_name. The target must beoffline before it can be deleted. Option is as follows.

-f,--force

If the target persists in an online state, this option attempts to offline the target before deleting it.

itadm create-tpg itadm create-tpg tpg_nameIP-address[:port]...

Create an iSCSI target portal group made up of the specified portals and assign it the identifier tpg_name. Each portal is an IP address and port pair. IPv4 portals are specified in dotted address notation, for example, 172.31.255.255. IPv6 portal addresses must be enclosed in square brackets.

Specifies the default authentication method to use for all targets. Valid values are radius, chap, and none. chap indicates that initiators connecting to this target must be authenticated using Challenge Handshake Authentication Protocol (CHAP). radius indicates initiators should also be authenticated by means of CHAP, but the required authentication parameters should be obtained from a central RADIUS server. (See --radius-server and --radius-secret options.)none means that no authentication is required to connect to the target. Individual targets can override this global setting using the-a option of the create-target and modify-target subcommands.

-d,--radius-secret

RADIUS Shared Secret for centralized CHAP authentication.

-D,--radius-secret-file path

Path to a temporary file containing the CHAP secret as described in the -d option.

-i,--sns enable | disable

Specifies whether targets should be registered with the set of defined iSCSI Name Service (iSNS) servers.

-I,--isns-server IP-address[:port][,IP-address[:port],...]

Defines a list of iSNS servers with which iSCSI target nodes will be registered when the isns option associated with the respective target is set. Up to eight iSNS servers can be specified. To remove all iSNS servers, use -I none.

-r,--radius-server IP-address[:port]

Specify the IP address of the RADIUS server used for centralized CHAP authentication.

itadm list-defaults itadm list-defaults [-p,--parsable]

List information about the default properties. Option is as follows.

-p,--parsable

Used for scripting mode. Do not print headers and separate fields by a single tab instead of arbitrary white space.